Pulse Detail — Threat Intelligence

PULSE NAME

ESET takes part in global operation to disrupt Zloader botnets | WeLiveSecurity

WHITE mohdrennis 2022-04-17 Modified: 2022-04-17

102

IOCs

HIGH VOLUME

Zloader is one of the world’s most dangerous banking trojan families, and ESET researchers have been closely monitoring its activity and evolution since it was announced and advertised in underground forums.

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1068 T1566 T1496 T1090 T1003 T1005 T1008 T1012 T1016 T1027 T1033 T1036 T1041 T1047 T1055 T1056 T1057 T1059 T1070 T1071 T1074 T1082 T1083 T1106 T1113 T1124 T1140 T1189 T1204 T1219 T1482 T1489 T1490 T1518 T1529 T1539 T1547 T1548 T1553 T1555 T1557 T1560 T1562 T1568 T1573 T1583 T1584 T1587 T1588

MALWARE FAMILIES

Zloader Zbot KY NKA ADI HODI Cobalt Strike HOGN ADUM PHL PHM AO HNLQ Ursnif

Indicators of Compromise (8 / 102 total)

All URL CVE FileHash-MD5 FileHash-SHA1 FileHash-SHA256 domain email hostname

TYPE	INDICATOR	DESCRIPTION	CREATED
FileHash-MD5	03d5ae30a0bd934a23b6a7f0756aa504	—	2022-04-17
FileHash-MD5	077cfbe2754d9bdd984cebff7b925ad8	MD5 of 30d8ba32daf9e18e9e3ce564fc117a2faf738405	2022-04-17
FileHash-MD5	5cae01aea8ed390ce9bec17b6c1237e4	MD5 of 3a80a49efaac5d839400e4fb8f803243fb39a513	2022-04-17
FileHash-MD5	5ce59cd58a34bc0530e398330013ee77	MD5 of f3b3cf03801527c24f9059f475a9d87e5392dae9	2022-04-17
FileHash-MD5	66863e846cd5360736c868038b4d8a02	MD5 of e7d7be1f1fe04f6708efb8f0f258471d856f8f8f	2022-04-17
FileHash-MD5	800f1fbfda6fa368cd469f5bdff644b0	MD5 of fa1db6808d4b4d58de6f7798a807dd4bea5b9bf7	2022-04-17
FileHash-MD5	ae2b147bba8bbe97300ee12fa439d19b	MD5 of 4858bc02452a266ea3e1a0dd84a31fa050134fb8	2022-04-17
FileHash-MD5	e5f69cf5e3b412444c4ad60defefc861	MD5 of f4879eb2c159c4e73139d1ac5d5c8862af8f1719	2022-04-17

References (1)

↗ https://www.welivesecurity.com/2022/04/13/eset-takes-part-global-operation-disrupt-zloader-botnets/